CN114187000A - Signature method, device, storage medium and processor for dispersing private key - Google Patents

Publication number
CN114187000A
Authority
CN
China
Prior art keywords
signature
component
vector
hash value
public key
Legal status
Pending
Application number
CN202111509533.9A
Other languages
Chinese (zh)
Inventor
谢丹力
吴磊
李鑫
张二毛
李爱宏
闫党军
Current Assignee
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Application filed by CCB Finetech Co Ltd
Priority to CN202111509533.9A
Publication of CN114187000A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the application provides a signature method, device, storage medium and processor for a dispersed private key. The method comprises: controlling each device component to generate and output a public key component according to its private key component; generating a target public key according to the public key components; controlling the device components to generate and output signature intermediate vectors; determining a first hash value according to the signature intermediate vectors; outputting the first hash value to the device components, so that each device component generates and outputs a signature component according to the first hash value, the private key component and the signature intermediate vector; generating a signature result according to the signature components; and verifying the signature result according to the target public key. By redesigning the classic signature algorithm Fiat-Shamir with Aborts, which is resistant to quantum computer attacks, the method supports dispersing the private key to a plurality of devices that jointly complete the final signature, and solves the problem that traditional signature algorithms for a dispersed private key are easily attacked by a quantum computer and have poor security.

Description

Signature method, device, storage medium and processor for dispersing private key
Technical Field
The present application relates to the field of information security technologies, and in particular, to a signature method, device, storage medium, and processor for a distributed private key.
Background
The mobile user terminal is an extension of the financial system, and is one of the potential safety hazards at the end of the financial system. This is because the mobile client does not have a powerful firewall device on the server side, and therefore is more vulnerable to attacks than the server side. Furthermore, the application code at the mobile user side is more vulnerable to reverse analysis by hackers, thereby causing the disclosure of the private key concerning the user identity. Once the private identity key of the user is revealed, a hacker can impersonate the user to conduct all business activities, so that great financial loss can be caused, and even legal risks are brought to the client.
Therefore, in a digital signature scheme at the mobile user end, the private key of the user is generally dispersed to a plurality of devices, and the digital signature of the user is completed by a combined signature performed by the plurality of devices. Currently, joint signature algorithms based on a dispersed private key exist only in versions based on elliptic curve cryptography (ECC) and on the RSA algorithm. These cryptographic algorithms are designed on recognized hard mathematical problems and have excellent security characteristics against classical computer attacks. However, a quantum computer has a parallel processing capability that a classical computer cannot match, and can provide exponential acceleration, based on a quantum algorithm, on specific hard computational problems. For example, the Shor quantum algorithm can break the asymmetric cryptographic algorithms (such as RSA and ECC) adopted by the current mainstream standards, so the quantum computer forms a potentially significant security threat to the existing financial system. The existing dispersed private key signature algorithms are therefore easily attacked by a quantum computer, and their security is poor.
Disclosure of Invention
An embodiment of the application aims to provide a signature method, a device, a storage medium and a processor for a dispersed private key, and aims to solve the problems that in the prior art, a signature algorithm of the dispersed private key is easily attacked by a quantum computer and has poor safety.
In order to achieve the above object, a first aspect of the present application provides a signature method for scattering a private key, including:
controlling each device component to generate and output a public key component according to the private key component;
generating a target public key according to the public key component;
controlling the device component to generate and output a signature intermediate vector;
determining a first hash value according to the signature intermediate vector;
outputting the first hash value to the device component, so that the device component generates and outputs a signature component according to the first hash value, the private key component and the signature intermediate vector;
generating a signature result according to the signature component;
and verifying the signature result according to the target public key.
In this embodiment of the present application, controlling each device component to generate and output a public key component according to a private key component includes:
generating a random matrix;
and outputting the random matrix to each equipment component so that the equipment component generates and outputs a public key component according to the random matrix and the private key component.
In the embodiment of the present application, the public key component is obtained by the following formula:
Figure BDA0003405257720000021
wherein $t_i$ is the public key component of device component i, A is the random matrix,
Figure BDA0003405257720000022
a private key component of a first preset dimension for device component i,
Figure BDA0003405257720000023
and the private key component of the second preset dimension of the device component i.
In this embodiment of the present application, generating a target public key according to a public key component includes:
summing the public key components to obtain a first summation result;
and combining the random matrix and the first summation result to obtain the target public key.
In the embodiment of the present application, controlling the device component to generate and output the signature intermediate vector includes:
outputting the random matrix to each device component so that the device components generate and output the signature intermediate vector according to the random matrix.
In the embodiment of the present application, generating and outputting a signature intermediate vector according to a random matrix includes:
generating a first random number vector of a first preset dimension;
generating a second random number vector of a second preset dimension;
multiplying the random matrix by the first random number vector, and then adding the second random number vector to the product to obtain a signature intermediate vector;
verifying whether the signature intermediate vector meets a first preset safety condition;
and outputting the signature intermediate vector under the condition that the signature intermediate vector meets a first preset safety condition.
In an embodiment of the present application, determining a first hash value according to a signed intermediate vector output by a device component includes:
summing the signature intermediate vectors output by the equipment components to obtain a first vector;
extracting high-order information in the first vector to obtain a second vector;
acquiring a signature message for signature;
and carrying out hash operation on the second vector and the signature message to obtain a first hash value.
In this embodiment of the present application, generating and outputting a signature component according to the first hash value, the private key component, and the signature intermediate vector includes:
generating a signature component according to the first hash value, the private key component and the signature intermediate vector;
verifying whether the signature component meets a second preset safety condition;
and outputting the signature component under the condition that the signature component meets a second preset safety condition.
In the embodiment of the present application, the signature component is obtained by the following formula:
Figure BDA0003405257720000031
wherein $z^{(i)}$ is the signature component of device component i, $W^{(i)}$ is the signature intermediate vector of device component i, C is the first hash value,
Figure BDA0003405257720000032
a private key component of a first preset dimension for the device component i.
In an embodiment of the present application, generating a signature result according to a signature component includes:
summing the signature components to obtain a second summation result;
and combining the first hash value and the second summation result to obtain a signature result.
In the embodiment of the present application, verifying the signature result according to the target public key includes:
determining a third vector according to the target public key and the signature result;
extracting high-order information of the third vector to obtain a fourth vector;
verifying whether the second summation result meets a third preset safety condition;
acquiring a signature message for signature under the condition that the second summation result meets a third preset safety condition;
performing hash operation on the fourth vector and the signature message to obtain a second hash value;
judging whether the first hash value is equal to the second hash value;
judging that the verification is passed under the condition that the first hash value is equal to the second hash value;
and in the case that the first hash value and the second hash value are not equal, judging that the verification fails.
In the embodiment of the present application, the fourth vector is obtained by the following formula:
$W_1' = \mathrm{HighBits}(AZ - Ct, 2\gamma_2)$;
wherein $W_1'$ is the fourth vector, A is the random matrix, Z is the summation result of the signature components in the signature result, C is the first hash value, t is the summation result of the public key components in the target public key, and $\gamma_2$ is a preset safety parameter.
A second aspect of the application provides a processor configured to perform a signing method for distributing private keys according to the above.
A third aspect of the present application provides a signing device for distributing private keys, comprising the processor described above.
A fourth aspect of the present application provides a machine-readable storage medium having instructions stored thereon, wherein the instructions, when executed by a processor, cause the processor to be configured to perform the above-mentioned signature method for scattering private keys.
A fifth aspect of the application provides a computer program product comprising a computer program, characterized in that the computer program realizes the above-mentioned signature method for decentralized private keys when executed by a processor.
Through the above technical scheme, by redesigning the classic signature algorithm Fiat-Shamir with Aborts, which is resistant to quantum computer attacks, the method supports dispersing the private key to a plurality of devices that jointly complete the final signature, and solves the problem that traditional signature algorithms for a dispersed private key are easily attacked by a quantum computer and have poor security.
Additional features and advantages of embodiments of the present application will be described in detail in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the embodiments of the disclosure, but are not intended to limit the embodiments of the disclosure. In the drawings:
fig. 1 schematically shows an application environment diagram of a signature method for scattering a private key according to an embodiment of the present application;
fig. 2 schematically shows a flow diagram of a signing method for decentralized private keys according to an embodiment of the application;
FIG. 3 schematically shows a timing diagram of a signing method for scattering private keys according to an embodiment of the present application;
fig. 4 schematically shows an internal structure diagram of a computer device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it should be understood that the specific embodiments described herein are only used for illustrating and explaining the embodiments of the present application and are not used for limiting the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that if directional indications (such as up, down, left, right, front, and back … …) are referred to in the embodiments of the present application, the directional indications are only used to explain the relative positional relationship between the components, the movement situation, and the like in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indications are changed accordingly.
In addition, if there is a description of "first", "second", etc. in the embodiments of the present application, the description of "first", "second", etc. is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
The signature method for dispersing the private key provided by the application can be applied to the application environment shown in fig. 1. Where the trusted third party 104 communicates with the plurality of device components 102 over a network, where the trusted third party 104 may be a signature server or one of the device components. The trusted third party 104 controls the device component 102 to output a public key component and a signature component, and the trusted third party 104 generates a target public key according to the public key component to realize generation of an external unified public key; generating a signature result according to the signature component to realize digital signature; and verifying the signature result according to the target public key to realize signature verification.
Fig. 2 schematically shows a flow diagram of a signature method for scattering a private key according to an embodiment of the present application. As shown in fig. 2, in an embodiment of the present application, a signature method for scattering a private key is provided, which may include the following steps:
Step 202, controlling each device component to generate and output a public key component according to the private key component.
Step 204, generating a target public key according to the public key component.
The main process of the classic signature algorithm Fiat-Shamir with Aborts can be divided into three steps: generating a public and private key pair, performing the digital signature, and performing signature verification. The drawbacks of this algorithm are evident: it cannot support a joint signature by multiple devices under a dispersed private key, and when the private key of the user is stored in the mobile terminal and the mobile terminal device is stolen, the private key can be stolen as well, so that a hacker can forge the signature.
Aiming at the defect, the embodiment of the application redesigns the classic signature algorithm to support the dispersion of the private key to a plurality of devices, and completes the final digital signature through the common signature of the plurality of devices.
Assuming that there are n device components, a trusted third party is needed to support algorithm completion, and in actual operation, the trusted third party may be a signature server or one of the device components. The embodiment of the application takes a trusted third party as an execution subject to realize the algorithm.
It should be understood that the private key component refers to a private key that is stored in each device component in a distributed manner, the public key component refers to a public key that is stored in each device component, and the target public key refers to a public key that is stored in the trusted third party and used for signature verification. Step 202 and step 204 are an improvement of the first step of the Fiat-Shamir with Aborts algorithm, generating a public and private key pair: a plurality of private key components are combined to obtain a unified external target public key.
Fig. 3 schematically shows a timing diagram of a signing method for scattering private keys according to an embodiment of the application. Referring to fig. 3, the trusted third party may control the device component to generate and output the public key component according to the random matrix and the private key component by generating the random matrix and outputting the random matrix to each device component.
In a particular implementation, the random matrix may be determined by:
Figure BDA0003405257720000071
wherein A is the random matrix, and the remaining symbols in the formula denote the first preset dimension of the random matrix A, the second preset dimension of the random matrix A, a random number, and a prime number. The first preset dimension may be the number of columns, and the second preset dimension may be the number of rows.
After receiving the random matrix, the device components each generate a private key component, and generate and output a public key component according to the private key component.
In a particular implementation, the private key component may be determined by the following equation:
Figure BDA0003405257720000081
wherein
Figure BDA0003405257720000082
is the private key component of device component i.
The public key component is obtained by the following formula:
Figure BDA0003405257720000083
wherein $t_i$ is the public key component of device component i, A is the random matrix,
Figure BDA0003405257720000084
a private key component of a first preset dimension for device component i,
Figure BDA0003405257720000085
and the private key component of the second preset dimension of the device component i.
After device component i generates the public key component $t_i$, it sends $t_i$ to the trusted third party, and the trusted third party generates the target public key from the public key components $t_i$.
In particular implementations, the public key components $t_i$ may be summed to obtain a first summation result t, wherein $t = t_1 + t_2 + t_3 + \dots + t_n$. The random matrix A and the first summation result t are combined to obtain the target public key (t, A).
Step 206, controlling the device components to generate and output a signature intermediate vector.
Step 208, determining a first hash value according to the signature intermediate vector.
Step 210, outputting the first hash value to the device component, so that the device component generates and outputs a signature component according to the first hash value, the private key component and the signature intermediate vector.
Step 212, generating a signature result according to the signature component.
It should be understood that steps 206 through 210 are an improvement of the second step of the Fiat-Shamir with Aborts algorithm, performing the digital signature: they allow a plurality of device components to sign jointly, while ensuring that the third step, signature verification, remains consistent with the original classical algorithm.
Referring to fig. 3, for step 206, the trusted third party may control the device component to generate and output the signature intermediate vector according to the random matrix by generating the random matrix and outputting the random matrix to each device component.
In one example, upon receiving the random matrix, the device component may generate a first random number vector of a first preset dimension; generate a second random number vector of a second preset dimension; multiply the random matrix by the first random number vector, and then add the second random number vector to the product to obtain a signature intermediate vector; verify whether the signature intermediate vector meets a first preset safety condition; and output the signature intermediate vector under the condition that the signature intermediate vector meets the first preset safety condition.
In a specific implementation, the first random number vector may be obtained by:
Figure BDA0003405257720000091
wherein $y^{(i)}$ is the first random number vector, $l$ is the first preset dimension, and $\gamma_1$ is a first preset safety parameter. The elements of the $l$-dimensional first random number vector $y^{(i)}$ lie in the range $[-(\gamma_1 - 1), \gamma_1 - 1]$.
The second random number vector may be obtained by:
Figure BDA0003405257720000092
wherein e is(i)And k is a second random number vector, k is a second preset dimensionality, and eta is a second preset safety parameter. A second random number vector e of dimension k(i)Within the range [ - η, η ]).
The signature intermediate vector can be obtained by:
$W^{(i)} = A y^{(i)} + e^{(i)}$
wherein $W^{(i)}$ is the signature intermediate vector and A is the random matrix.
Further, in order to ensure the security of the protocol, $W^{(i)}$ needs to be constrained so that the output $W^{(i)}$ satisfies the safety constraints.
In one example, high-order information may be extracted from the vector $W^{(i)}$, a hash operation performed on the high-order information and the signature message used for signature, and the operation result recorded as C1. To keep the subsequent calculation efficient, C1 is regarded as binary data, and the number of +1 and -1 entries in C1 is restricted not to exceed an upper bound $\tau$.
C1 is multiplied by the private key component of the first preset dimension of the current device
Figure BDA0003405257720000093
and the result is added to the first random number vector $y^{(i)}$ to obtain a new vector $Z_1$.
In a specific implementation, the high-order information can be obtained by the following formula:
$W_1^{(i)} = \mathrm{HighBits}(W^{(i)}, 2\gamma_2)$;
wherein $W_1^{(i)}$ is the high-order information and $\gamma_2$ is a third preset safety parameter.
The hash result C1 can be obtained by the following equation:
$C1 \in B_\tau := H(M \mid W_1^{(i)})$;
wherein $W_1^{(i)}$ is the high-order information, M is the signature message, and $\tau$ is a fourth security parameter.
The new vector $Z_1$ can be obtained by the following formula:
Figure BDA0003405257720000101
To ensure the correctness of the subsequent calculation results, the vector $Z_1$ should satisfy the following conditions:
Condition one is
Figure BDA0003405257720000102
That is, if the infinity norm of $Z_1$ is greater than or equal to
Figure BDA0003405257720000103
the signature fails and the procedure returns to the step of generating the first random number vector; $\gamma_1$ is the upper bound on the elements of the first random number vector $y^{(i)}$, and $\beta$ is
Figure BDA0003405257720000104
and
Figure BDA0003405257720000105
multiplied together.
Condition two is
Figure BDA0003405257720000106
That is, first compute the signature intermediate vector $W^{(i)}$ minus
Figure BDA0003405257720000107
and take the low-order information of the result within the range $2\gamma_2$; if the low-order information is greater than or equal to
Figure BDA0003405257720000108
the calculation has a potential safety hazard, and the procedure returns to the step of generating the first random number vector.
If both condition one and condition two are met, the operation is reasonable, and the signature intermediate vector $W^{(i)}$ is output to the trusted third party.
For step 208, after receiving the signature intermediate vector output by the device component, the trusted third party sums the signature intermediate vector to obtain a first vector; extracting high-order information in the first vector to obtain a second vector; acquiring a signature message for signature; and carrying out hash operation on the second vector and the signature message to obtain a first hash value.
In a specific implementation, the first hash value may be obtained by the following formula:
Figure BDA0003405257720000111
$r_1 = \mathrm{HighBits}(r, 2\gamma_2)$;
$C \in B_\tau := H(M \mid r_1)$;
wherein r is the first vector, $r_1$ is the second vector and C is the first hash value.
For step 210, after the trusted third party outputs the first hash value to the device component, the device component may generate a signature component according to the first hash value, the private key component, and the signature intermediate vector; verifying whether the signature component meets a second preset safety condition; and outputting the signature component under the condition that the signature component meets a second preset safety condition.
In a specific implementation, the signature component is obtained by the following formula:
Figure BDA0003405257720000112
wherein $z^{(i)}$ is the signature component of device component i, $W^{(i)}$ is the signature intermediate vector of device component i, C is the first hash value,
Figure BDA0003405257720000113
a private key component of a first preset dimension for the device component i.
To ensure the correctness of the subsequent calculation result, the signature component $z^{(i)}$ may also be required to satisfy the following conditions: condition one is
Figure BDA0003405257720000114
Condition two is
Figure BDA0003405257720000115
When the signature component $z^{(i)}$ meets both conditions at the same time, the signature component is output to the trusted third party.
For step 212, after receiving the signature components, the trusted third party sums the signature components $z^{(i)}$ to obtain a second summation result Z, wherein $Z = z^{(1)} + z^{(2)} + z^{(3)} + \dots + z^{(n)}$; the first hash value C and the second summation result Z are combined to obtain the signature result (C, Z).
Step 214, verifying the signature result according to the target public key.
It should be noted that step 214 is completely consistent with the third step of the Fiat-Shamir with Aborts algorithm, the signature verification process. Because a completely consistent signature verification algorithm is used, the party verifying the signature cannot distinguish whether the signature was completed by a plurality of devices together or by one device, which further improves the security of the signature.
For step 214, the trusted third party may determine a third vector based on the target public key and the signature result; extracting high-order information of the third vector to obtain a fourth vector; verifying whether the second summation result meets a third preset safety condition; acquiring a signature message for signature under the condition that the second summation result meets a third preset safety condition; performing hash operation on the fourth vector and the signature message to obtain a second hash value; judging whether the first hash value is equal to the second hash value; judging that the verification is passed under the condition that the first hash value is equal to the second hash value; and in the case that the first hash value and the second hash value are not equal, judging that the verification fails.
In a specific implementation, the fourth vector is obtained by the following formula:
$W_1' = \mathrm{HighBits}(AZ - Ct, 2\gamma_2)$;
wherein $W_1'$ is the fourth vector, A is the random matrix, Z is the summation result of the signature components in the signature result, C is the first hash value, t is the summation result of the public key components in the target public key, $\gamma_2$ is a preset safety parameter, and $AZ - Ct$ is the third vector.
It should be noted that the safety parameters used in the above calculation process are all preset parameters, and the balance between the safety and the efficiency of the calculation can be obtained by adjusting the safety parameters, and in the embodiment of the present application, specific values of the parameters are not constrained.
Further, the third preset safety condition may be set as $\|Z\|_\infty < \gamma_1 - \beta$, i.e. the infinity norm of the summation result Z of the signature components in the signature result is smaller than $\gamma_1 - \beta$.
In the method, each device component is controlled to generate and output a public key component according to its private key component; a target public key is generated according to the public key components; the device components are controlled to generate and output signature intermediate vectors; a first hash value is determined according to the signature intermediate vectors; the first hash value is output to the device components, so that each device component generates and outputs a signature component according to the first hash value, the private key component and the signature intermediate vector; a signature result is generated according to the signature components; and the signature result is verified according to the target public key. The advantage of the method is that, by redesigning the classic Fiat-Shamir with Aborts signature algorithm, which resists quantum-computer attacks, the private key is distributed across a plurality of devices that jointly complete the final signature.
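The flow summarized above (component keys, aggregation of t, W and Z, and the step 214 check) can be traced in a toy model; this is an added example, not code from the patent. It works over integers mod Q instead of polynomials, and the parameter values, the scalar challenge mapping, the component forms t_i = A·s1_i + s2_i and z_i = y1_i + C·s1_i (image-only on this page), and the coordinator-side retry used in place of the first preset safety condition are all assumptions.

```python
import hashlib
import random

# Constructed toy parameters (integers mod Q instead of a polynomial ring).
Q = 8380417
GAMMA2 = (Q - 1) // 32            # HighBits rounds to multiples of 2*GAMMA2
GAMMA1 = 1 << 17                  # bound on the aggregated masking range
ETA, C_MAX = 2, 60                # secret coefficient bound, challenge bound
N, K, L = 3, 4, 4                 # device components, rows and columns of A
BETA = N * C_MAX * ETA            # bound on |C * sum_i s1_i|
Y_MAX = GAMMA1 // N               # per-device masking bound

def mat_vec(A, v):
    return [sum(a * b for a, b in zip(row, v)) % Q for row in A]

def vec_sum(vectors):
    return [sum(col) % Q for col in zip(*vectors)]

def inf_norm(v):
    """Infinity norm with entries mapped to the centered range around 0."""
    return max(min(x % Q, Q - x % Q) for x in v)

def high_bits(r, alpha=2 * GAMMA2):
    r %= Q
    r0 = r % alpha
    if r0 > alpha // 2:
        r0 -= alpha
    return 0 if r - r0 == Q - 1 else (r - r0) // alpha

def hash_value(w1, message):
    return hashlib.sha256(repr(w1).encode() + message).digest()

def challenge(digest):
    """Assumed mapping from the hash value to a small scalar challenge."""
    return int.from_bytes(digest[:4], "big") % (2 * C_MAX + 1) - C_MAX

def keygen(rng):
    A = [[rng.randrange(Q) for _ in range(L)] for _ in range(K)]
    small = lambda n: [rng.randint(-ETA, ETA) for _ in range(n)]
    shares = [(small(L), small(K)) for _ in range(N)]
    # Assumed component form: t_i = A*s1_i + s2_i; target key is (A, sum t_i).
    t = vec_sum([vec_sum([mat_vec(A, s1), s2]) for s1, s2 in shares])
    return A, t, shares

def verify(A, t, message, signature):
    C, Z = signature
    if inf_norm(Z) >= GAMMA1 - BETA:          # third preset safety condition
        return False
    c = challenge(C)
    third = [(az - c * ti) % Q for az, ti in zip(mat_vec(A, Z), t)]
    fourth = [high_bits(x) for x in third]    # W1' = HighBits(AZ - Ct, 2*gamma2)
    return hash_value(fourth, message) == C   # second hash vs first hash

def sign(A, t, shares, message, rng):
    while True:                                # restart on any abort
        y1 = [[rng.randint(-Y_MAX, Y_MAX) for _ in range(L)] for _ in range(N)]
        y2 = [[rng.randint(-ETA, ETA) for _ in range(K)] for _ in range(N)]
        W = vec_sum([vec_sum([mat_vec(A, a), b]) for a, b in zip(y1, y2)])
        C = hash_value([high_bits(x) for x in W], message)
        c = challenge(C)
        # Assumed component form: z_i = y1_i + C*s1_i, rejected if too large.
        zs = [[y + c * s for y, s in zip(a, s1)] for a, (s1, _) in zip(y1, shares)]
        if any(max(map(abs, z)) >= Y_MAX - C_MAX * ETA for z in zs):
            continue
        signature = (C, vec_sum(zs))
        if verify(A, t, message, signature):   # rounding must survive -C*s2 - y2
            return signature

def demo(seed=1):
    rng = random.Random(seed)
    A, t, shares = keygen(rng)
    C, Z = sign(A, t, shares, b"transfer 100", rng)
    return (verify(A, t, b"transfer 100", (C, Z)),
            verify(A, t, b"transfer 900", (C, Z)),
            verify(A, t, b"transfer 100", (C, [GAMMA1] + Z[1:])))

if __name__ == "__main__":
    print(demo())
```

The verifier never sees N or the shares: it only uses (A, t), the message and (C, Z), which is why it cannot tell a jointly produced signature from a single-device one.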
Fig. 2 is a flow diagram illustrating a signing method for decentralized private keys in one embodiment. It should be understood that, although the steps in the flowchart of fig. 2 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least a portion of the steps in fig. 2 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The embodiment of the application further provides a processor, wherein the processor is used for executing the program, and the program executes the signature method for dispersing the private key when running.
The embodiment of the application also provides a signature device for dispersing the private key, which comprises the processor.
Embodiments of the present application also provide a machine-readable storage medium having stored thereon instructions that, when executed by a processor, cause the processor to be configured to perform the above-described signature method for decentralized private keys.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 4. The computer apparatus includes a processor a01, a network interface a02, a display screen a04, an input device a05, and a memory (not shown in the figure) connected through a system bus. Wherein processor a01 of the computer device is used to provide computing and control capabilities. The memory of the computer device comprises an internal memory a03 and a non-volatile storage medium a 06. The nonvolatile storage medium a06 stores an operating system B01 and a computer program B02. The internal memory a03 provides an environment for the operation of the operating system B01 and the computer program B02 in the nonvolatile storage medium a 06. The network interface a02 of the computer device is used for communication with an external terminal through a network connection. The computer program when executed by processor a01 implements a signing method for distributing private keys. The display screen a04 of the computer device may be a liquid crystal display screen or an electronic ink display screen, and the input device a05 of the computer device may be a touch layer covered on the display screen, a button, a trackball or a touch pad arranged on a casing of the computer device, or an external keyboard, a touch pad or a mouse.
Those skilled in the art will appreciate that the architecture shown in fig. 4 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: controlling each device component to generate and output a public key component according to the private key component; generating a target public key according to the public key component; the control device component generates and outputs a signature intermediate vector; determining a first hash value according to the signature intermediate vector; outputting the first hash value to the device component, so that the device component generates and outputs a signature component according to the first hash value, the private key component and the signature intermediate vector; generating a signature result according to the signature component; and verifying the signature result according to the target public key.
In one embodiment, a random matrix is generated; and the random matrix is output to each device component, so that the device component generates and outputs a public key component according to the random matrix and the private key component.
In one embodiment, the public key component is derived by the following equation:
Figure BDA0003405257720000141
where $t_i$ is the public key component of device component i, A is the random matrix,
Figure BDA0003405257720000142
a private key component of a first preset dimension for device component i,
Figure BDA0003405257720000143
and the private key component of the second preset dimension of the device component i.
In one embodiment, the public key components are summed to obtain a first summation result; and combining the random matrix and the first summation result to obtain the target public key.
In one embodiment, the random matrix is output to each device component, so that the device components generate and output a signature intermediate vector based on the random matrix.
In one embodiment, a first random number vector of a first preset dimension is generated; a second random number vector of a second preset dimension is generated; the random matrix is multiplied by the first random number vector, and the product is summed with the second random number vector to obtain a signature intermediate vector; whether the signature intermediate vector meets a first preset safety condition is verified; and the signature intermediate vector is output under the condition that it meets the first preset safety condition.
In one embodiment, the signature intermediate vectors output by the device components are summed to obtain a first vector; extracting high-order information in the first vector to obtain a second vector; acquiring a signature message for signature; and carrying out hash operation on the second vector and the signature message to obtain a first hash value.
In one embodiment, a signature component is generated from the first hash value, the private key component, and the signature intermediate vector; verifying whether the signature component meets a second preset safety condition; and outputting the signature component under the condition that the signature component meets a second preset safety condition.
In one embodiment, the signature component is derived by the following equation:
Figure BDA0003405257720000151
where $z^{(i)}$ is the signature component of device component i, $W^{(i)}$ is the signature intermediate vector of device component i, C is the first hash value,
Figure BDA0003405257720000152
a private key component of a first preset dimension for the device component i.
In one embodiment, the signature components are summed to obtain a second summation result;
and combining the first hash value and the second summation result to obtain a signature result.
In one embodiment, a third vector is determined based on the target public key and the signature result; extracting high-order information of the third vector to obtain a fourth vector; verifying whether the second summation result meets a third preset safety condition; acquiring a signature message for signature under the condition that the second summation result meets a third preset safety condition; performing hash operation on the fourth vector and the signature message to obtain a second hash value; judging whether the first hash value is equal to the second hash value; judging that the verification is passed under the condition that the first hash value is equal to the second hash value; and in the case that the first hash value and the second hash value are not equal, judging that the verification fails.
In one embodiment, the fourth vector is obtained by the following equation:
$W_1' = \mathrm{HighBits}(AZ - Ct,\ 2\gamma_2)$;
where $W_1'$ is the fourth vector, $A$ is the random matrix, $Z$ is the summation result of the signature components in the signature result, $C$ is the first hash value, $t$ is the summation result of the public key components in the target public key, and $\gamma_2$ is a preset security parameter.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, which include both permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (16)

1. A signing method for distributing private keys, comprising:
controlling each device component to generate and output a public key component according to the private key component;
generating a target public key according to the public key component;
controlling the device component to generate and output a signature intermediate vector;
determining a first hash value according to the signature intermediate vector;
outputting the first hash value to the device component, so that the device component generates and outputs a signature component according to the first hash value, the private key component and the signature intermediate vector;
generating a signature result according to the signature component;
and verifying the signature result according to the target public key.
2. The signature method of claim 1, wherein the controlling each device component to generate and output a public key component from a private key component comprises:
generating a random matrix;
and outputting the random matrix to each device component, so that the device component generates and outputs the public key component according to the random matrix and the private key component.
3. The signature method of claim 2, wherein the public key component is obtained by the following formula:
Figure FDA0003405257710000011
where $t_i$ is the public key component of device component i, A is the random matrix,
Figure FDA0003405257710000012
a private key component of a first preset dimension for device component i,
Figure FDA0003405257710000013
and the private key component of the second preset dimension of the device component i.
4. The signature method of claim 2, wherein the generating a target public key from the public key component comprises:
summing the public key components to obtain a first summation result;
and combining the random matrix and the first summation result to obtain the target public key.
5. The signature method of claim 2, wherein the controlling the device component to generate and output a signature intermediate vector comprises:
outputting the random matrix to each device component, so that the device components generate and output a signature intermediate vector according to the random matrix.
6. The signature method according to claim 5, wherein the generating and outputting the signature intermediate vector according to the random matrix comprises:
generating a first random number vector of a first preset dimension;
generating a second random number vector of a second preset dimension;
multiplying the random matrix by the first random number vector, and then summing the product and the second random number vector to obtain a signature intermediate vector;
verifying whether the signature intermediate vector meets a first preset safety condition;
and outputting the signature intermediate vector under the condition that the signature intermediate vector meets the first preset safety condition.
7. The signature method of claim 5, wherein determining the first hash value from the signed intermediate vector output by the device component comprises:
summing the signature intermediate vectors output by the device components to obtain a first vector;
extracting high-order information in the first vector to obtain a second vector;
acquiring a signature message for signature;
and carrying out hash operation on the second vector and the signature message to obtain the first hash value.
8. The signature method of claim 7, wherein the generating and outputting the signature component from the first hash value, the private key component, and the signature intermediate vector comprises:
generating the signature component according to the first hash value, the private key component and the signature intermediate vector;
verifying whether the signature component meets a second preset safety condition;
and outputting the signature component under the condition that the signature component meets the second preset safety condition.
9. The signature method of claim 8, wherein the signature component is obtained by the following formula:
Figure FDA0003405257710000031
where $z^{(i)}$ is the signature component of the device component i, $W^{(i)}$ is the signature intermediate vector of the device component i, C is the first hash value,
Figure FDA0003405257710000032
a private key component of a first preset dimension for the device component i.
10. The signature method of claim 2, wherein the generating a signature result from the signature component comprises:
summing the signature components to obtain a second summation result;
and combining the first hash value and the second summation result to obtain the signature result.
11. The signature method according to claim 2, wherein the verifying the signature result according to the target public key comprises:
determining a third vector according to the target public key and the signature result;
extracting high-order information of the third vector to obtain a fourth vector;
verifying whether the second summation result meets a third preset safety condition;
acquiring a signature message for signature under the condition that the second summation result meets the third preset safety condition;
performing hash operation on the fourth vector and the signature message to obtain a second hash value;
judging whether the first hash value and the second hash value are equal;
judging that the verification is passed under the condition that the first hash value is equal to the second hash value;
determining that verification fails if the first hash value and the second hash value are not equal.
12. The signature method of claim 11, wherein the fourth vector is obtained by the following formula:
$W_1' = \mathrm{HighBits}(AZ - Ct,\ 2\gamma_2)$;
where $W_1'$ is the fourth vector, $A$ is the random matrix, $Z$ is the result of the summation of the signature components in the signature result, $C$ is the first hash value, $t$ is the result of the summation of the public key components in the target public key, and $\gamma_2$ is a preset security parameter.
13. A processor configured to perform the signature method for scattering a private key according to any one of claims 1 to 12.
14. A signing device for distributing private keys, comprising a processor according to claim 13.
15. A machine-readable storage medium having instructions stored thereon, which when executed by a processor causes the processor to be configured to perform the signing method for decentralized private keys of any one of claims 1 to 12.
16. A computer program product comprising a computer program, characterized in that the computer program realizes the signature method for scattering a private key according to any one of claims 1 to 12 when being executed by a processor.
CN202111509533.9A 2021-12-10 2021-12-10 Signature method, device, storage medium and processor for dispersing private key Pending CN114187000A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111509533.9A CN114187000A (en) 2021-12-10 2021-12-10 Signature method, device, storage medium and processor for dispersing private key

Publications (1)

Publication Number Publication Date
CN114187000A (en) 2022-03-15

Family

ID=80543198

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111509533.9A Pending CN114187000A (en) 2021-12-10 2021-12-10 Signature method, device, storage medium and processor for dispersing private key

Country Status (1)

Country Link
CN (1) CN114187000A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115442052A (en) * 2022-08-30 2022-12-06 云海链控股股份有限公司 Collaborative signature method, system, equipment and computer readable storage medium
CN115442052B (en) * 2022-08-30 2023-06-23 云海链控股股份有限公司 Collaborative signature method, collaborative signature system, collaborative signature equipment and computer-readable storage medium
CN117151713A (en) * 2023-10-30 2023-12-01 国网浙江省电力有限公司 Evaluation transaction integrated calculation force optimization method based on accumulated prospect theory and VIKOR method
CN117151713B (en) * 2023-10-30 2024-01-09 国网浙江省电力有限公司 Evaluation transaction integrated calculation force optimization method based on accumulated prospect theory and VIKOR method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination